Trust-but-Verify in Cyber-Physical Systems

Abstract

Cyber-physical systems span a wide spectrum, from long-lived legacy systems to more modern installations. Trust is an issue that arises across the spectrum, albeit with different variants of goals and constraints. On the one end of the spectrum, legacy systems are characterized by function-based designs in which trust is an implicitly in-built concept -- the operation is historically designed, implemented, and optimized in a benign stance with respect to intended use. On the other end of the spectrum, modern systems are characterized by offerings from manufacturers, vendors, and system installers -- the devices and deployments use a variety of security features that offer promises of increased trust. All along this spectrum of cyber-physical systems, extending trust beyond the traditional cyber portions to the arteries that connect the physical portions to the cyber portions is a major challenge. Here, we identify a Trust-but-Verify approach that spans this spectrum in addressing trust.